Plagegeister aller Art und deren Bekämpfung: "Programm kann nicht geöffnet werden" virus (Windows 7)
Hello,

my girlfriend seems to have caught a virus. After startup the PC shows a white screen with the message "Das Programm kann nicht geöffnet werden" and nothing works anymore.

I have already found a thread about this: http://www.trojaner-board.de/125167-...-anzeigen.html
However, I cannot post my experiences there...

I carried out the steps given there, created the boot CD for my girlfriend and ran OTLPE. However, this only produced an OTL.txt, no Extras.txt.

Finally, I am posting the result of the OTL.txt and would like to know how I should proceed?!

Many thanks in advance and kind regards,
Lutz G.

OTL.txt:

OTL logfile created on: 10/14/2012 6:22:17 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.99 Gb Total Space | 279.48 Gb Free Space | 61.29% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2012/10/14 10:46:27 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe --
(AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/18 00:19:09 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/03 06:37:56 | 002,445,880 | ---- | M] (Check Point Software Technologies LTD) [Auto] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2012/07/14 09:59:32 | 000,497,320 | ---- | M] (Check Point Software Technologies) [Auto] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2012/07/13 07:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/05/08 07:48:36 | 000,229,376 | ---- | M] () [Auto] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2009/09/11 06:33:54 | 000,009,216 | ---- | M] (Vodafone) [Auto] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2009/06/23 11:19:14 | 000,707,104 | ---- | M] (Acer Incorporated) [Auto] -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009/05/20 14:18:32 | 000,075,048 | ---- | M] () [Auto] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2009/05/14 17:03:30 | 000,305,448 | ---- | M] () [Auto] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/04/11 13:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) [Auto] -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2008/03/18 15:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/01/22 04:35:52 | 000,103,808 | ---- | M] () [Auto] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - [2012/07/14 09:59:44 | 000,027,056 | ---- | M] (Check Point Software Technologies) [Kernel | Auto] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2012/01/09 12:59:32 | 000,468,272 | ---- | M] (Kaspersky Lab) [File_System | System] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2012/01/09 12:59:30 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2012/01/09 12:59:30 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2011/05/07 11:51:26 | 000,451,160 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2010/04/09 09:24:12 | 000,063,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010/03/25 04:08:38 | 000,105,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010/03/20 05:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010/03/20 04:28:12 | 000,116,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009/09/18 12:23:08 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/07/21 14:42:05] [Kernel | Auto] -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2009/02/20 22:10:00 | 000,153,952 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2009/01/28 03:51:40 | 004,303,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/12/29 18:57:56 | 000,952,832 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/12/04 12:34:34 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | System] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2008/12/04 12:34:34 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | System] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV - [2008/12/04 12:34:34 | 000,016,432 | ---- | M] (Egis Incorporated.) [Kernel | System] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2008/10/09 07:50:08 | 000,022,528 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad)
DRV - [2008/10/09 07:50:04 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2008/09/04 00:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2008/02/29 19:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_7735
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_7735
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Rena_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_7735
IE - HKU\Rena_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\Rena_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\Rena_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Rena_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKU\Rena_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_7735
IE - HKU\Rena_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\Rena_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Rena_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010/02/13 14:19:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2011/05/11 15:06:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/08/19 08:54:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/18 00:19:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/15 12:27:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/18 00:19:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/15 12:27:53 | 000,000,000 | ---D | M]

[2009/09/11 09:56:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rena\AppData\Roaming\Mozilla\Extensions
[2012/05/27 15:36:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\dqdn7zs1.default\extensions
[2011/01/22 17:35:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\dqdn7zs1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/15 16:57:06 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\dqdn7zs1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/05/25 13:57:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/05 09:32:46 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) --
[2012/08/19 08:54:21 | 000,000,000 | ---D | M] (ZoneAlarm Security Engine) -- C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER
[2012/08/18 00:19:10 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/03 22:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/18 15:02:38 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/06/18 15:02:38 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/18 15:02:38 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/06/18 15:02:38 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/18 15:02:38 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/18 15:02:38 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\Rena_ON_C\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Rena_ON_C..\Run: [{3AC1011D-2A80-2F71-37C2-8CDF38AB7997}] File not found
O4 - HKU\Rena_ON_C..\Run: [caip.exe] File not found
O4 - HKU\Rena_ON_C..\Run: [jlzvqfwdassoybr] C:\ProgramData\jlzvqfwd.exe ()
O4 - HKU\Rena_ON_C..\Run: [MobileDocuments] File not found
O4 - HKU\Rena_ON_C..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - Startup: C:\Users\Rena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.3628721094786935.exe.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Rena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()
O4 - Startup: C:\Users\Rena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk = File not found
O4 - Startup: C:\Users\Rena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wpbt0.dll.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O13 - gopher Prefix: missing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{0c1c7f81-7bf6-11e0-abce-001e101f1ed9}\Shell - "" = AutoRun
O33 - MountPoints2\{0c1c7f81-7bf6-11e0-abce-001e101f1ed9}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{4b9b2291-4da2-11e1-88e5-001f16b1a73a}\Shell - "" = AutoRun
O33 - MountPoints2\{4b9b2291-4da2-11e1-88e5-001f16b1a73a}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{5571e16a-cd69-11de-8272-001f16b1a73a}\Shell\AutoRun\command - "" = E:\Menu.exe
O33 - MountPoints2\{6a25db15-6469-11e0-9677-001e101f8aaa}\Shell - "" = AutoRun
O33 - MountPoints2\{6a25db15-6469-11e0-9677-001e101f8aaa}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{9d930c16-61c2-11e0-a525-001f16b1a73a}\Shell - "" = AutoRun
O33 - MountPoints2\{9d930c16-61c2-11e0-a525-001f16b1a73a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{9d930c49-61c2-11e0-a525-001e101f82a0}\Shell - "" = AutoRun
O33 - MountPoints2\{9d930c49-61c2-11e0-a525-001e101f82a0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{b9591d06-b1b2-11df-9353-001f16b1a73a}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{b9591d06-b1b2-11df-9353-001f16b1a73a}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O33 - MountPoints2\{e199d109-6da7-11df-92de-001f16b1a73a}\Shell\AutoRun\command - "" = E:\pccompanion\Startme.exe
O33 - MountPoints2\{e199d109-6da7-11df-92de-001f16b1a73a}\Shell\menu1\command - "" = E:\pccompanion\Startme.exe
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Menu.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/10/07 10:20:12 | 000,000,000 | ---D | C] -- C:\ProgramData\cwpnyakvaplbldo
[2012/10/05 16:56:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/10/05 16:35:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2012/10/05 16:35:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/09/23 06:21:28 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/09/23 06:21:27 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2012/09/23 06:21:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/09/23 06:21:24 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/09/23 06:21:24 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/09/23 06:21:24 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/09/23 06:21:23 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/09/23 06:21:23 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2012/09/23 06:21:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/09/23 06:21:21 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/09/15 05:08:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2009/07/21 17:09:37 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/14 11:12:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/14 11:11:57 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/14 11:11:57 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/14 11:11:46 | 3215,814,656 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/14 11:09:18 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/14 11:08:53 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/14 10:46:27 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/10/14 10:46:26 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/10/07 10:20:11 | 000,076,349 | ---- | M] () -- C:\ProgramData\bcbgdjcgccyamiw
[2012/10/07 10:20:06 | 000,103,424 | ---- | M] () -- C:\ProgramData\jlzvqfwd.exe
[2012/10/06 19:06:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/05 16:56:15 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/10/05 16:35:46 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2012/09/24 15:26:59 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/09/24 15:26:59 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/09/24 15:26:59 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/09/24 15:26:59 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/24 15:22:34 | 000,034,713 | ---- | M] () -- C:\Users\Rena\Desktop\Hausarbeit Innere Differenzierung.odt
[2012/09/18 14:37:55 | 000,081,522 | ---- | M] () -- C:\Users\Rena\Desktop\Freunde fürs Leben.odt
[2012/09/15 05:52:21 | 000,001,057 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012/09/15 05:52:14 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/07 10:20:11 | 000,103,424 | ---- | C] () -- C:\ProgramData\jlzvqfwd.exe
[2012/10/07 10:20:06 | 000,076,349 | ---- | C] () -- C:\ProgramData\bcbgdjcgccyamiw
[2012/09/18 14:37:52 | 000,081,522 | ---- | C] () -- C:\Users\Rena\Desktop\Freunde fürs Leben.odt
[2012/09/15 10:16:14 | 000,034,713 | ---- | C] () -- C:\Users\Rena\Desktop\Hausarbeit Innere Differenzierung.odt
[2012/08/17 17:26:25 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/10/27 08:13:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/25 15:59:19 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/25 15:59:18 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/11 11:15:36 | 000,057,344 | ---- | C] () -- C:\Users\Rena\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/11 08:08:28 | 000,006,836 | ---- | C] () -- C:\Users\Rena\AppData\Local\d3d9caps.dat
[2009/07/21 16:57:11 | 000,180,720 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/07/21 16:57:11 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/07/21 16:57:11 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009/07/21 16:57:11 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2009/07/21 16:57:11 | 000,011,264 | ---- | C] () -- C:\Windows\System32\atimuixx.dll
[2009/07/21 16:57:11 | 000,000,481 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2009/07/21 08:42:44 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2009/07/21 08:27:36 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009/07/21 08:27:36 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2009/07/21 08:27:36 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2009/07/21 08:27:36 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2009/07/21 08:24:25 | 000,090,772 | ---- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT
[2009/07/21 08:24:25 | 000,000,536 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2009/07/21 08:24:25 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2009/07/21 08:24:25 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2009/07/21 08:24:25 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2009/07/21 08:24:25 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2009/07/21 08:18:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/06/16 07:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2009/03/12 06:47:51 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009/03/12 06:47:51 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009/03/12 06:47:51 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009/03/12 06:47:51 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009/03/12 06:32:52 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009/03/11 22:09:35 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/02/11 16:03:58 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009/02/11 16:03:58 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009/02/11 16:03:57 | 000,000,060 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2008/04/08 08:34:26 | 000,000,427 | ---- | C] () -- C:\Windows\System32\atipblup.dat
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,321,944 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2009/12/26 15:16:39 | 000,000,000 | -HSD | M] -- C:\Users\Rena\AppData\Roaming\.#
[2009/07/21 08:42:41 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\Acer GameZone Console
[2011/11/25 18:17:01 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\Amazon
[2012/03/13 15:10:43 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\Boykkac
[2011/05/11 15:07:10 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\Bytemobile
[2009/11/15 11:36:10 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\Canon
[2012/08/19 08:54:24 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\CheckPoint
[2012/08/19 08:21:46 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\Dropbox
[2012/03/14 04:25:50 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\Evyx
[2012/08/13 11:29:55 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\Gotot
[2011/04/25 08:55:23 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\OpenOffice.org
[2010/08/09 15:59:58 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\PowerCinema
[2010/08/09 17:33:47 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\SoftDMA
[2010/05/02 18:59:36 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\stickies
[2011/05/11 15:07:09 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\Vodafone
[2011/12/01 19:11:31 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\Wise Registry Cleaner
[2012/08/06 16:06:24 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\Xoos
[2009/07/21 08:42:41 | 000,000,000 | ---D | M] -- C:\ProgramData\Acer GameZone Console
[2009/09/11 05:03:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2012/08/17 16:43:24 | 000,000,000 | ---D | M] -- C:\ProgramData\Battle.net
[2009/10/11 17:04:05 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2012/06/26 13:40:04 | 000,000,000 | ---D | M] -- C:\ProgramData\CanonIJ
[2012/01/16 13:53:35 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJEGV
[2009/10/11 17:26:20 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJEPPEX
[2009/10/11 17:20:28 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJMyPrinter
[2012/10/03 04:43:02 | 000,000,000 | ---D | M] -- C:\ProgramData\CanonIJPLM
[2009/11/15 11:36:09 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJScan
[2009/10/11 17:20:39 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJSolutionMenu
[2012/08/19 08:47:52 | 000,000,000 | ---D | M] -- C:\ProgramData\CheckPoint
[2012/10/07 10:20:12 | 000,000,000 | ---D | M] -- C:\ProgramData\cwpnyakvaplbldo
[2011/04/08 05:34:15 | 000,000,000 | ---D | M] -- C:\ProgramData\DatacardService
[2009/09/11 05:03:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/09/11 05:03:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2009/09/11 05:05:45 | 000,000,000 | ---D | M] -- C:\ProgramData\EgisTec
[2009/07/21 08:41:16 | 000,000,000 | ---D | M] -- C:\ProgramData\eSobi
[2009/09/11 05:03:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2009/09/11 08:35:42 | 000,000,000 | ---D | M] -- C:\ProgramData\JollyBear
[2010/08/09 17:33:48 | 000,000,000 | ---D | M] -- C:\ProgramData\PlayMovie
[2009/09/11 05:03:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2011/07/22 16:32:28 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2011/05/11 15:06:14 | 000,000,000 | ---D | M] -- C:\ProgramData\Vodafone
[2009/09/11 05:03:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2010/02/13 14:21:54 | 000,000,000 | ---D | M] -- C:\ProgramData\WinZip
[2012/05/28 06:43:32 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/26 21:55:41 | 000,000,000 | ---D | M] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2012/10/14 11:12:31 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:CDFF58FE
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:ADE16379
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:3B3A35EC
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:4F636E25
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:35759C73
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:41099CE9
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:BB24555F
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:9E22BBE8

< End of report >